It estimates a two-year design and implementation phase, plus a potential 15 years of support and licencing.

Demand for the secure communications infrastructure comes amid a huge nationwide shift to digital signalling and communications systems across the UK’s railways.

Over half of Britain’s analogue signalling systems will need to be replaced within the next 15 years, in the biggest rail infrastructure shift since the 1960s’ shift from coal to diesel.

Network Rail Cryptographic Key Request: What’s Needed?

Cryptographic keys are required by each European Train Control System (ETCS) Radio Block Centre (RBC) and each ETCS On Board Unit (OBU) to communicate over rail’s “GSM-R” network securely.

“The supplier will be required to provide and implement an efficient and intuitive National Online Key Management System (OKMS) which will generate, store, manage, distribute, archive and delete software cryptographic keys for the UK railway”, Network Rail said.

The system will also support offline key distribution by allowing encrypted keys to be sent via a variety of methods including physical media, email and remote download, Network Rail added.

This will include software and hardware for online and offline distribution, public key infrastructure to enable online distribution of authentication keys (KMACs) via GPRS and FTNx and “provide the opportunity to use the PKI system for other functionality.”

A disclaimer: “Interested parties are advised that Network Rail do not currently have budget approval for this scope of work, this procurement process will generate a cost which will be presented to the sponsor to secure Investment Panel approval before any contract can be awarded.”

Expressions of interest need to be in by June 22.

See also: EXCLUSIVE: GCHQ, NSA Still Using Punched Paper Tape to Produce Crypto Keys